ScreenOS Firewalls (NOT SRX)
Reply
Contributor
Afif
Posts: 11
Registered: ‎09-20-2011
0

How to create VLAN on SSG20

 

 

Hi,

 

I have difficulty in configuring VLAN on my ssg20. I've try to search in KB but failed to get a better reference guide. I hope with this post, all the juniper expert can give advice and share some knowledge and give a futher reference to others

 

 

My situation is like this,

 

I have one dynamic IP that connected to my ssg20 at eth0 (untrust-zone). For eth2 and eth 3, i plan to set the VLAN to this interfaces. I have a server with two different network card. Both have different IP

 

For eth2 i plan to connect this interface to my server with IP,

 

IP:10.0.7.20

gateway: 10.0.7.1

netmask:255.255.255.0

 

For eth3

 

IP: 10.0.8.20

gateway:10.0.8.1

netmask: 255.255.255.0

 

I want both network card can route to internet cloud using same gateway. How can i configure this VLAN?

 

 

Thanks is advance

 

 

Attached is the example network diagram

Super Contributor
nikolay.semov
Posts: 171
Registered: ‎03-15-2012
0

Re: How to create VLAN on SSG20

No attachment.

Also, unless you're connecting the server NICs to the firewall directly, this is really a switch configuration question. If the firewall interfaces are connected to access-mode switch ports (as they should be in your case) the firewall couldn't care less what VLANs those ports belong to.
Trusted Contributor
michael.saw
Posts: 1,048
Registered: ‎09-26-2011
0

Re: How to create VLAN on SSG20

using eth0/0.0, eth0/0.1...
Thanks!

Michael
JNCIA-JUNOS, JNCIS-ENT/SEC, JNCIP-ENT
(CCNA, ACMP, ACFE, CISE)
"http://www.thechampioncommunity.com/"
CONNECT EVERYTHING. EMPOWER EVERYONE.
Share & Learn. Knowledge is Power.

"If there's a will, there's a way!"
Distinguished Expert
echidov
Posts: 858
Registered: ‎11-02-2009
0

Re: How to create VLAN on SSG20

Hi,

 

There are no need to configure VLANs here.

Could you please explain why do you want to have VLANs on the firewall?

Kind regards,
Edouard
Contributor
Afif
Posts: 11
Registered: ‎09-20-2011
0

Re: How to create VLAN on SSG20

 

 

Hi,

 

 

Thanks for your reply. Much appreciate

 

 

The reason why i want to use VLAN is due to my server have two different network card with different gateway 10.0.7.1/24 and 10.0.8.1/24. Both of the network card must be route to internet. But i realized that i also can use two bgroup with different gateway and route using same network

 

 

Am i right?

 

bgroup1 - consist of eth0/2 with IP 10.0.7.1

 

bgroup2 - consist of eth0/3 with IP 10.0.8.1

 

 

 

 

 

Super Contributor
nikolay.semov
Posts: 171
Registered: ‎03-15-2012
0

Re: How to create VLAN on SSG20

No, bgroup members cannot have their IP. So, having a single interface in a bgroup is meaningless.
Distinguished Expert
echidov
Posts: 858
Registered: ‎11-02-2009
0

Re: How to create VLAN on SSG20

Hi,

 

Connect eth2 and eth3 of the firewall to a switch and both server cards to the same switch. That's it.

You can also configure two VLANs on the switch with two ports in each VLAN. VLAN10: eth2 and NIC1, VLAN20:eth3 and NIC2. No VLANs are required on the firewall also in this case.

Kind regards,
Edouard
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.